
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/037,239 



01/02/2002 



Joseph F. Cihula 



8791 7590 05/21/2004 

BLAKELY SOKOLOFF TAYLOR & ZAFMAN 
12400 WILSHIRE BOULEVARD, SEVENTH FLOOR 
LOS ANGELES, CA 90025 



42390PI3066 



6665 



EXAMINER 



ALAM, SHAH1D AL 



ART UNIT 



PAPER NUMBER 



2172 

DATE MAILED: 05/21/2004 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 











Annliratinn Kin 
MfjpilCallun WO. 




Office Action Summary 


10/037 239 


CIHULA ET AL 


Examiner 

Shahid Al Alam 


Art Unit 

2172 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )□ Responsive to communication(s) filed on . 

2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) H Claim(s) 7-63 is/are pending in the application. 

4a) Of the above claim (s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 1-11. 14-46 and 49-63 is/are rejected. 

7) IEI Claim(s) 12,13.47 and 48 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) S Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of DraftspersorVs Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) ^ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date 2. 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 
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DETAILED ACTION 



Claims 1 - 63 are pending in this Office action. 



Information Disclosure Statement 



2. The listing of references in the specification is not a proper information disclosure 
statement. 37 CFR 1 .98(b) requires a list of all patents, publications, or other 
information submitted for consideration by the Office, and MPEP § 609 A(1) states, "the 
list may not be incorporated into the specification but must be submitted in a separate 
paper." Therefore, unless the references have been cited by the examiner on form 
PTO-892, they have not been considered. 



3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1 - 63 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 1 , 8 and 19 recite the limitation "A method" in claim. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim 29 recites the limitation "A system" in claim. There is insufficient 
antecedent basis for this limitation in the claim. 

Claims 36, 43 and 54 recite the limitation "A article of manufacture" in claim. 
There is insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 112 
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Claim Rejections - 35 USC § 101 



4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1 - 63 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 



MPEP2106IV.B.2.(b) 

A claim that requires one or more acts to be performed defines a process. However, not 
all processes are statutory under 35 U.S.C. 101. Schrader, 22 F.3d at 296, 30 USPQ2d at 1460. 
To be statutory, a claimed computer-related process must either: (A) result in a physical 
transformation outside the computer for which a practical application in the technological arts is 
either disclosed in the specification or would have been known to a skilled artisan, or (B) be 
limited to a practical application within the technological arts. 

MPEP 2106.II.A 

A process that consists solely of the manipulation of an abstract idea is not concrete or 
tangible. See In re Warmerdam, 33 F.3d 1354, 1360, 31 USPQ2d 1754, 1759 (Fed. Cir. 1994). 

Claims 1 - 63, in view of the above cited MPEP sections, are not statutory 
because they merely recite a number of computing steps without producing any tangible 
result and/or being limited to a practical application within the technological arts. The 
use of a computer has not been indicated. 
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Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1 - 5, 7, 36 - 40 and 42 are rejected under 35 U.S.C. 102(b) as being 
anticipated by U.S. Patent Number 6,055,636 issued to Stephen Hillier et al. ("Hillier"). 

With respect to claim 1, Hillier teaches a method comprising: reading 
distinguished name data from a signed certificate received from a certificate authority 
(column 5, lines 45 - 50); and 

searching a data structure to identify a certificate signing request associated with 
the signed certificate (column 3, lines 29 - 31), the identified certificate signing request 
corresponding to the read distinguished name data (column 2, lines 38 - 39 and 49 - 
54). 

As to claim 2, identifying a key pair associated with the signed certificate (column 
2, lines 49 - 54). 

As to claim 3, the read distinguished name data comprising all of the 
distinguished name data contained in the signed certificate (column 5, lines 18 - 22). 

As to claim 4, the identified certificate signing request corresponding to a portion 
of the read distinguished name data (column 5, lines 18 - 22). 

As to claim 5, importing the signed certificate to a server associated with the 
identified certificate signing request (column 3, lines 29 - 31). 
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As to claim 7, identifying at least two certificate signing requests associated with 
the signed certificate (column 3, lines 29 - 45). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 

the various claims was commonly owned at the time any inventions covered therein 

were made absent any evidence to the contrary. Applicant is advised of the obligation 

under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was 

not commonly owned at the time a later invention was made in order for the examiner to 

consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

prior art under 35 U.S.C. 103(a). 

7. Claims 6 and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hillier and in view of "How To: Enable SSL for All Customers Who Interact with Your 
Web Site." 

As to claim 6, Hillier teaches the secure communication device includes a 
security activation module, ... an application programmatic interface (see column 3, 
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lines 4-14). Hillier does not explicitly teach the signed certificate is imported to a 
device that performs SSL processing on behalf of the server as claimed. 

"HOW TO: Enable SSL" discloses claimed signed certificate is imported to a 
device that performs SSL processing on behalf of the server (To enable SSL server 
certificate verification, and to provide the level of security that your customers desire, you should obtain a 
certificate from a third-party CA. Certificates that are issued to your organization by a third-party CA are 
typically tied to the Web server, and more specifically to the Web site to which you to bind SSL. You can 
create your own certificate with the Internet Information Services (IIS) server, but if you do so, your clients 
must implicitly trust you as the certificate authority). 

It would have been obvious to a person of ordinary skill in the art at the time of 
the invention to combine "HOW TO: Enable SSL" with Hillier to provide the level of 
security to users. 

Claims 36 - 42 are essentially the same as claims 1 - 7 except that it set forth 
the claimed invention as an article of manufacture rather than a method and rejected for 
the same reasons as applied hereinabove. 

8. Claims8-11, 14-18, 19 -28, 29 - 35, 43 -46, 49- 53 and 54 - 63 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Hillier and further in view of 
U.S. Patent Number 6,067,623 issued to George Blakley et al. ("Blakley"). 

With respect to claim 8, Hillier teaches distinguished name data for each of a 
plurality of certificate signing requests (column 5, lines 45 - 50); extracting distinguished 
name data from a signed certificate received from a certificate authority (column 3, lines 
29 - 33); and comparing the extracted distinguished name data to identify a certificate 
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signing request associated with the signed certificate from the plurality of certificate 
signing requests (column 2, lines 38 - 39, 49-54 and column 5, lines 1 - 9). 

Hillier does not explicitly teach providing a mapping table as claimed. 

Blakley teaches claimed mapping table (see column 4, lines 18-49 and column 
5, lines 7- 16). 

It would have been obvious to a person of ordinary skill in the art at the time of 
the invention to combine Blakley with Hillier to maintain client enterprise resource 
authorization control at the middle tier server. It would have been obvious to enable 
single client authentication with access to multiple enterprise resources each having 
individual authorization mechanisms (column 3, lines 24 - 30; Blakley). 

As to claim 9, at least a common name for each of the plurality of certificate 
signing requests (column 3, lines 29 - 33; Hillier) . 

As to claim 10, the extracted distinguished name data comprising all of the 
distinguished name data contained in the signed certificate (column 5, lines 18 - 22). 

As to claim 1 1 , the extracted distinguished name data comprising a common 
name (column 5, lines 18 - 22). 

As to claim 14, comparing the extracted distinguished name data with the 
mapping table data to identify at least two certificate signing requests from the plurality 
of certificate signing requests (column 2, lines 38 - 39, 49 - 54 and column 5, lines 1 - 
9); and determining which of the at least two certificate signing requests is associated 
with the signed certificate (column 3, lines 29 - 45). 
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As to claim 15, performing a second search of the mapping table data to 
determine which of the at least two certificate signing requests is associated with the 
signed certificate (column 3, lines 29 - 45). 

As to claim 16, importing the signed certificate to a server associated with the 
identified certificate signing request (column 3, lines 29 - 33). 

As to claim 18, identifying at least two certificate signing requests associated with 
the signed certificate (column 3, lines 29 - 45). 

With respect to claim 19, Hillier teaches generating a certificate signing request, 
the certificate signing request including distinguished name data (column 5, lines 45 - 
50); 

transmitting the certificate signing request to a certificate authority (column 1 , 
lines 64 - 65); 

receiving a signed certificate from the certificate authority, the signed certificate 
including distinguished name data (column 1 , lines 58 - 60); 

extracting the distinguished name data from the signed certificate (column 2, 
lines 45 - 47 and column 3, lines 29 - 33); and comparing the extracted distinguished 
name data with the stored distinguished name data contained in the mapping table to 
identify the certificate signing request (column 2, lines 38 - 39, 49 - 54 and column 5, 
lines 1 - 9). 

Hillier does not explicitly teach providing a mapping table as claimed. 
Blakley teaches claimed mapping table (see column 4, lines 18-49 and column 
5, lines 7- 16). 
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It would have been obvious to a person of ordinary skill in the art at the time of 
the invention to combine Blakley with Hillier to maintain client enterprise resource 
authorization control at the middle tier server. It would have been obvious to enable 
single client authentication with access to multiple enterprise resources each having 
individual authorization mechanisms (column 3, lines 24 - 30; Blakley). 

Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hillier 
and Blakley and further in view of "How To: Enable SSL for All Customers Who Interact 
with Your Web Site." ("How To: Enable SSL"). 

As to claim 17, Hillier teaches the secure communication device includes a 
security activation module, ... an application programmatic interface (see column 3, 
lines 4-14). Hillier and Blakley do not explicitly teach the signed certificate is imported 
to a device that performs SSL processing on behalf of the server as claimed. 

"HOW TO: Enable SSL" discloses claimed signed certificate is imported to a 
device that performs SSL processing on behalf of the server (To enable SSL server 
certificate verification, and to provide the level of security that your customers desire, you should obtain a 
certificate from a third-party CA. Certificates that are issued to your organization by a third-party CA are 
typically tied to the Web server, and more specifically to the Web site to which you to bind SSL. You can 
create your own certificate with the Internet Information Services (IIS) server, but if you do so, your clients 
must implicitly trust you as the certificate authority). 

It would have been obvious to a person of ordinary skill in the art at the time of 
the invention to combine "HOW TO: Enable SSL" with Hillier to provide the level of 
security to users. 
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The subject matter of claims 20 - 28 are rejected in the analysis above in claims 
8-11,14-19 and these claims are rejected on that basis. 

Claims 29 - 35 are essentially the same as claims 8-11,14-18 and 19 except 
that it sets forth the claimed invention as a system rather than a method and rejected for 
the same reasons as applied above. 

Claims 43 - 46 and 49 - 53 are essentially the same as claims 8-11 and 14 - 
18 except that it sets forth the claimed invention as an article of manufacture rather than 
a method and rejected for the same reasons as applied above. 

Claims 54 - 63 are essentially the same as claims 8-11,14-18 and 19 except 
that it sets forth the claimed invention as an article of manufacture rather than a method 
and rejected for the same reasons as applied above. 

Allowable Subject Matter 

9. Claims 12, 13, 47 and 48 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 
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Contact Information 



10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shahid Al Alam whose telephone number is (703) 305- 
2358. The examiner can normally be reached on Monday-Thursday 8:00 A.M. - 4:00 
P.M.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John E Breene can be reached on (703) 305-9790. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Snahid Al Alam 
Primary Examiner 
Art Unit 2172 




17 May 2004 



